Element-web: All old messages are "Encrypted by a deleted session"

Created on 6 May 2020 · 6 Comments · Source: vector-im/element-web

Description

When logging in to an existing account that has been validated via cross-signing, all existing messages in encrypted chats have a status of "Encrypted by a deleted session", even if the session used to send those messages is still active.

Steps to reproduce

  • With any client & account, send some messages in an encrypted room
  • Use a new web browser session to log in to that same account, and verify it with cross-signing
  • Wait for encrypted message keys to be shared

Encrypted messages will be readable in the new account, but they will appear with a red shield & status of "Encrypted by a deleted session". This includes messages sent by your account from other clients, and messages received from other users that have been verified via cross-signing. Messages sent by accounts that haven't set up cross-signing don't have this status, though.

Version information

  • Platform: web (in-browser)

For the web app:

  • Browser: Chrome, Firefox (latest versions)
  • OS: Windows 10, Fedora 32
  • URL: any URL using riot-web-1.6.0-rc6 or newer (riot.im/develop / riot.im/app / riot.im/staging / self-hosted Riot Web)

Labels: bug, defect, e2e-cross-signing, needs-investigation

All 6 comments

I'm experiencing the same thing. Additionally, these messages are shown as "Encrypted by a deleted session" on my PC and are displayed with a green lock in the Mobile App. This is strange.

Note that this does not happen when upgrading a previously logged-in Riot Web to 1.6.0 (the RCs I tested were 3 (I think) and 6) and validating it with another session.

A similar issue happened before cross-signing, so maybe this is the same issue but just with a slightly different UI outcome.

Building on @Morishiri's comment, this isn't a problem in RiotX. I just logged into my account from RiotX on a fresh Android emulator and cross-verified it with a Riot Web session; once encrypted messages became readable, they appeared without any warnings.

Riot Web has the same problem when viewing messages sent from RiotX. I tested sending some messages from a verified RiotX session, then logging into a new Riot Web session, where the RiotX messages appear as "Encrypted by a deleted session".

This rules out the problem only affecting messages sent from Riot Web.

It's also worth mentioning that if you really do delete a session, their messages correctly appear with the shield & warning.

Tested on a Nextcloud hosted Element app and still happens.
Element version: Element Web v1.7.10
I was logged in on my phone with Element Android (1.0.9 F-Droid version), and on app.element.io (Element version: 1.7.10). Cross-signing and key backup are turned on and working.

The newly logged-in client (Nextcloud Element) synced the keys; after verification with app.element.io, all messages say: "The authenticity of this encrypted message can't be guaranteed on this device."
Except redacted messages. All the redacted messages in the history say: "Encrypted by a deleted session"

The recipient and I are using self-hosted homeservers (if it helps anything at all).

Maybe related to: #15558
